1 Answer
1

CyanogenMod (the ancestor of LineageOS) compiles nightlies on its own build farm, but now without the backing of a corporate, LineageOS pay for 3rd-party servers. See costs here.

Among all AOSP-based ROMs, LineageOS has argulably the most strict standard for accepting a device into official queue, including a recently composed charter. A list of contributers / device maintainers can be seen here. Moreover, there's also a complete code review system that guarantees the non-malicious nature of commits.

On top of all above, all the device-dependent and -independent sources, sans Google apps, can be found on their GitHub. This might sound natural, but do note that for a lot of other ROMs, even if an "official" moniker is given to a device, its sources aren't necessarily readily available or easy to find.

Feel free to review the code on your own if you suspect a security breach.

Note that, for now, I can't find concrete worded evidence to back up the build servers part (it's from my memory), so if anyone has info to fill in or correct with, please do so freely.
– Andy YanJul 8 '18 at 14:05